OPNsense Forum

English Forums => General Discussion => Topic started by: nununo on August 30, 2019, 07:38:45 PM

Title: Help needed trying to route traffic from a subnet through a VPN client
Post by: nununo on August 30, 2019, 07:38:45 PM
Hi,

What I need:
I have several subnets defined in my OPNsense and need one of them to access the Internet through a VPN client instead of through the default gateway.

I also found a tutorial for OPNsense+NordVPN, but it routes all traffic through the VPN. I just want to route one of the subnets. The rest must remain unchanged.

What I did:
After reading a lot from OPNsense's docs and some online tutorials (some specific to pfSense), I gave it a try:


This is it. But somehow it is not working properly.

The problem:
A computer in this subnet 10.0.4.1/24 can successfully ping 10.0.4.1 but when it tries to ping google.com this happens:

PING google.com (216.58.201.174): 56 data bytes
64 bytes from 10.0.4.1: icmp_seq=0 ttl=64 time=1.177 ms
64 bytes from 10.0.4.1: icmp_seq=1 ttl=64 time=2.376 ms
64 bytes from 10.0.4.1: icmp_seq=2 ttl=64 time=2.009 ms
64 bytes from 10.0.4.1: icmp_seq=3 ttl=64 time=1.850 ms


Notice how DNS is able to find google.com's IP but then it actually tries to ping 10.0.4.1.

And this is where I get lost. For sure I'm missing something or doing something wrong, but what? I'm not so sure about the firewall rules I added in both LANVPN and WANVPN. I especially wonder why the interface WAN has an automatically generated rule called "let out anything from firewall host itself (force gw)" while the new interface WANVPN doesn't.

Any help is welcome.

Thanks in advance,
Nuno